Google admitted Friday to the British data protection authorities that it failed to keep its promise to destroy data its Street View cars sucked up from private Wi-Fi networks. True to its form throughout out the Wi-Spy scandal, the Internet giant claimed it was all a mistake.
"Google apologizes for its error," wrote Peter Fleischer, Google's Global Privacy Counsel (an oxymoron of a title by the way) in a letter to Steve Eckersley, Head of Enforcement for the Information Commission's Office.
Why am I not surprised? Whenever Google executives get caught with their fingers in the cookie jar — something that is happening with increasing frequency — they claim it was all a mistake and "apologize." Frankly it's getting a little tiresome.
Here is how Fleischer put it:
"In recent months, Google has been reviewing its handling of Street View disks and undertaking a comprehensive manual review of our Street View disk inventory. That review involves the physical inspection and rescanning of thousands of disks. In conducting that review we have determined that we continue to have payload data from the UK and other countries."
Let's review what happened with the Wi-Spy scandal. Google deployed its Street View cars to photograph city streets in 30 countries around the world. What it didn't say was that it was gathering Wi-Fi "payload data" — emails, passwords, health and banking data — from private networks as the cars drove by.
When the Germans asked what was going on back in 2010, Google said its cars were only mapping the location of Wi-Fi networks. Then Google said it was gathering payload data, but it was all by mistake and was only insignificant snippets. Then it said it was the work of one rogue engineer.
Data protection officials investigated and in a number of cases like in the UK and Ireland accepted the corporate apologies and promises that the data would be destroyed. That was supposed to have happened in December 2010 in the UK.
As the result of a recently concluded Federal Communications Commission investigation we now know that gathering the Wi-Fi data was not an accident or mistake. It was described in Street View project design documents as "War Driving" and the engineer responsible discussed the plans with his colleagues and managers.
The FCC fined Google $25,000 for obstructing its Wi-Spy investigation and concluded that it could not determine if the Wi-Spy effort had broken any laws. The Commission said a primary reason that it could not decide was because the engineer who wrote the code exercised his Fifth Amendment right not testify, Google has tried to portray the FCC's report has finding that no laws were broken. That's not true at all. The FCC said it could not determine if laws were broken, big difference.
The British were disturbed enough by the FCC report that the Information Commission's Office re-opened its investigation of Wi-Spy. The ICO Friday told Google it wants to see the data before it decides what to do.
“The ICO is clear that this information should never have been collected in the first place and the company’s failure to secure its deletion as promised is cause for concern,” a spokesman said.
Google says it still has data that was supposedly destroyed from France, Belgium, the Netherlands, Norway, Sweden, Finland, Switzerland, Austria and Australia.
Ireland’s deputy commissioner for data protection, Gary Davis, called Google’s failure “clearly unacceptable.” Davis said his organization had conveyed its “deep unhappiness.”
I'd say the time for "concern" and "deep unhappiness" has long passed. The data protection authorities need to do something that will get the Internet giant's attention. They should levy the maximum fines possible. In the ICO's case, for instance, that would be 500,000 pounds or about $780,000.
Meanwhile, the investigation of the Wi-Spy scandal by 35 state attorneys general, led by Connecticut AG George Jepsen is described as "active and ongoing."
And, if there were ever any doubt, it's now clear that you simply can't trust Google to keep its promises.